It's a firmware hack...you DON'T need physical access to the keyboard if you can flash the firmware via a virus/malware/backdoor/etc. So yes, it's quite a bit more serious than those PS2 keyloggers.. besides, those were rather easy to notice if you looked there. But a firmware hack cannot be detected with plain eyesight, and even in software you'd need to read the firmware and verify it against a known good one.

Well, in that implementation you have to hit return a few times quickly to read the contents out, so you do have to have access to the keyboard to do anything with it.

But anyway, if I am at a point where I am already running arbitrary code on a users machine, I think I would rather install a keylogger in software that has the capability to send the keystrokes directly to my server, rather than install a much crappier keylogger into their keyboard

You're right that this isn't exactly the end of the world. But it isn't a totally unreasonable thing for a bored hacker to do IN ADDITION to installing a standard software keylogger. If the attack installs a firmware rootkit in the keyboard, it would be tough to know about an eradicate since even a totally clean install would not get rid of it.

On another note, I don't think we have any reason to believe that this problem applies solely to apple. Other manufacturers probably also have firmware on their keyboards and perhaps they don't bother to implement a proper code-signing system on their keyboard microcontrollers (it would be prohibitively expensive probably).